Cisco backtracks on open source

Breaks promise to SMBs

After promising to turn the client software for its Cisco Trust Agent (CTA) into an open source application, the company is now backtracking on the plan.

Bob Gleichauf, CTO of Cisco's Security Technology Group, said that the company has not made up its mind yet about the future of the CTA software.

"Where I misspoke was speaking in terms of CTA going open source as if that's a given, and that was incorrect. That was my mistake," Gleichauf said. "It has been part of a discussion of a number of different options available to us, but it's not a viable option at this time," he said.

A more circumspect Gleichauf said that, in earlier comments, he was just speculating that CTA might be turned into an open source component. "Open source was one thing that's a way of dealing with various components as work toward an integrated solution," he noted.

He declined to discuss the pros and cons of going open source with the CTA client, a desktop software agent that is used to enforce security policies on machines that seek access to networks.

However, Gleichauf did say that he was concerned about the reaction of Cisco customers to comments he made to InfoWorld at the RSA Conference in early February, saying that Cisco would "open up" CTA within two months so it could devote development resources to other areas of NAC.

"We don't want partners and customers to think we're pursuing that. That was a mistake," he said. "Customers need to know how to prepare for any new initiative or technology or product. What I did a disservice to on everyone was stating something as a fact that wasn't a fact and that can affect planning, whether a funding decision or a build decision or a partner decision."

As for the future of NAC, Gleichauf said that Cisco is looking for ways to tie Cisco's NAC appliance, formerly known as Cisco "Clean Access," with the company's NAC "framework," a larger NAC solution, which relies on Cisco routers and switches to do policy enforcement.

In the end, Cisco may end up making the CTA client open source as a way to differentiate itself from Microsoft's Network Access Protection (NAP) technology, which is integrated in the Vista operating system, said Zeus Kerravala, an analyst at Yankee.

"Cisco's wondering 'how do we differentiate our own client?' Allowing application developers to experiment with it is one way, and the best way to do that is open source," Kerravala said.

The stakes for Cisco are low as only a handful of its customers have committed to the CTA, Kerravala said.

Adam Hansen, security manager at the law firm Sonnenschein, Nath & Rosenthal, said that, in the scheme of things, open sourcing the CTA client, or not, was of little importance. However, Cisco might derive considerable value from opening other elements of the NAC framework and making it easier for third-party vendors to plug into it.

"You don't get value from NAC. You get value from systems that interoperate with NAC," Hansen said.

Thus far, however, Cisco's integration with other products, especially those of competitors in the networking infrastructure space, is almost nonexistent, while the cost of implementing the NAC framework end to end is prohibitive, Hansen said.

Gleichauf acknowledged that customers want choice and that moving to an open standards model could stimulate that, but he said that Cisco will have to work towards it incrementally.

"What we've discovered even using a lot of standards-based protocols is that you have to sort out a lot of moving parts, and that's not where you start. That may be where Cisco ends up with this technology, but in order to get something in customer hands that works, you've got to start picking pieces that you control and can shape and working towards an enterprise product," Gleichauf said.